From fc113c97a3935896869e8bccf7a70cb7c7ed95d3 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Sun, 29 Feb 2004 20:12:33 +1100
Subject: - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 [dh.c] Prevent sshd from sending DH groups with a primitive generator of zero or one, even if they are listed in /etc/moduli. ok markus@
---
 dh.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'dh.c')
diff --git a/dh.c b/dh.c
index c7a3e18be..b58b8bc28 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.27 2004/02/27 22:42:47 dtucker Exp $");

 #include "xmalloc.h"

@@ -91,6 +91,9 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 if (BN_num_bits(dhg->p) != dhg->size)
 goto failclean;

+ if (BN_is_zero(dhg->g) || BN_is_one(dhg->g))
+ goto failclean;
+
 return (1);

 failclean:
-- cgit v1.2.3
From c56c7ef592e9dded048faa1443049679aacc0421 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Sun, 29 Feb 2004 20:13:34 +1100
Subject: - dtucker@cvs.openbsd.org 2004/02/27 22:44:56 [dh.c] Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone ever uses one. ok markus@
---
 ChangeLog | 6 +++++-
 dh.c | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
(limited to 'dh.c')
diff --git a/ChangeLog b/ChangeLog
index 010c450b8..20b1d8e63 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,10 @@
 [dh.c] Prevent sshd from sending DH groups with a primitive generator of zero or one, even if they are listed in /etc/moduli. ok markus@
+ - dtucker@cvs.openbsd.org 2004/02/27 22:44:56
+ [dh.c]
+ Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone
+ ever uses one. ok markus@

 20040226
 - (bal) KNF our sshlogin.c even if the code looks nothing like upstream 
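Review bot: The new generator check in parse_prime rejects only g == 0 and g == 1; a generator equal to p-1 (order 2, so every shared secret is 1 or p-1) or one that is not below p still passes, even though the size check two lines above already has dhg->p at hand. Bounding g on the upper side as well covers the out-of-range case in one line: `if (BN_is_zero(dhg->g) || BN_is_one(dhg->g) || BN_cmp(dhg->g, dhg->p) >= 0) goto failclean;`, and a comparison against p-1 can follow if a temporary BIGNUM is acceptable here. The rejection is silent, so an operator cannot tell which /etc/moduli line was dropped; logging linenum (the function's first parameter) before the goto would make the rejected entry findable. parse_prime's body starts before and continues after the hunk, so the error-reporting convention used at failclean is not visible here.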
@@ -812,4 +816,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3262 2004/02/29 09:12:33 dtucker Exp $
+$Id: ChangeLog,v 1.3263 2004/02/29 09:13:34 dtucker Exp $
diff --git a/dh.c b/dh.c
index b58b8bc28..0790aff79 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.27 2004/02/27 22:42:47 dtucker Exp $");
+RCSID("$OpenBSD: dh.c,v 1.28 2004/02/27 22:44:56 dtucker Exp $");

 #include "xmalloc.h"

@@ -108,7 +108,7 @@ DH *
 choose_dh(int min, int wantbits, int max)
 {
 FILE *f;
- char line[2048];
+ char line[4096];
 int best, bestcount, which;
 int linenum;
 struct dhgroup dhg;
-- cgit v1.2.3
From effc84ce5b304a0cef62b13e72172847b6f03ceb Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Sun, 29 Feb 2004 20:15:08 +1100
Subject: - dtucker@cvs.openbsd.org 2004/02/27 22:49:27 [dh.c] Reset bit counter at the right time, fixes debug output in the case where the DH group is rejected. ok markus@
---
 ChangeLog | 6 +++++-
 dh.c | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)
(limited to 'dh.c')
diff --git a/ChangeLog b/ChangeLog
index 20b1d8e63..f510abfc2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,10 @@
 [dh.c] Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone ever uses one. ok markus@
+ - dtucker@cvs.openbsd.org 2004/02/27 22:49:27
+ [dh.c]
+ Reset bit counter at the right time, fixes debug output in the case where
+ the DH group is rejected. ok markus@

 20040226
 - (bal) KNF our sshlogin.c even if the code looks nothing like upstream
@@ -816,4 +820,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3263 2004/02/29 09:13:34 dtucker Exp $
+$Id: ChangeLog,v 1.3264 2004/02/29 09:15:08 dtucker Exp $
diff --git a/dh.c b/dh.c
index 0790aff79..afd1e05d0 100644
--- a/dh.c
+++ b/dh.c 
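Review bot: Enlarging `line` in choose_dh to 4096 bytes sizes the buffer by guess rather than by a named bound, and nothing in the hunk shows what happens to a moduli line that still exceeds it; if the read loop (outside the hunk) uses fgets(), the excess comes back as a second "line" and is parsed as an entry of its own. A comment tying the number to the file format would at least make the assumption reviewable: `char line[4096];	/* 8 kbit prime = 2048 hex digits, plus the leading fields */`. Better, the loop should treat a full buffer with no trailing newline as an overlong line and skip it with a warning instead of parsing the fragment; choose_dh continues past the hunk, so that check belongs in the part not shown here.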
@@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.28 2004/02/27 22:44:56 dtucker Exp $");
+RCSID("$OpenBSD: dh.c,v 1.29 2004/02/27 22:49:27 dtucker Exp $");

 #include "xmalloc.h"

@@ -197,7 +197,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 void
 dh_gen_key(DH *dh, int need)
 {
- int i, bits_set = 0, tries = 0;
+ int i, bits_set, tries = 0;

 if (dh->p == NULL)
 fatal("dh_gen_key: dh->p == NULL");
@@ -214,7 +214,7 @@ dh_gen_key(DH *dh, int need)
 fatal("dh_gen_key: BN_rand failed");
 if (DH_generate_key(dh) == 0)
 fatal("DH_generate_key");
- for (i = 0; i <= BN_num_bits(dh->priv_key); i++)
+ for (i = 0, bits_set = 0; i <= BN_num_bits(dh->priv_key); i++)
 if (BN_is_bit_set(dh->priv_key, i))
 bits_set++;
 debug2("dh_gen_key: priv key bits set: %d/%d",
-- cgit v1.2.3
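Review bot: The loop bound `i <= BN_num_bits(dh->priv_key)` in the second dh_gen_key hunk visits bit index num_bits, one past the key's top bit; BN_is_bit_set() returns 0 for it so the count is unaffected, but `i < BN_num_bits(dh->priv_key)` states the intent, and hoisting BN_num_bits() into a local would stop recomputing it on every iteration. Moving the bits_set reset into the for-init, together with dropping the initializer in the first dh_gen_key hunk, is the right place for a per-attempt count; a comment such as `/* count is per attempt; reset here, not at the declaration */` would keep the next reader from "fixing" it back. The retry loop that re-enters this code and the later use of bits_set lie outside the hunk.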